Critical severity9.4NVD Advisory· Published Mar 10, 2026· Updated May 7, 2026

CVE-2025-69614

Description

Incorrect Access Control via activation token reuse on the password-reset endpoint allowing unauthorized password resets and full account takeover. Affected Product: Deutsche Telekom AG Telekom Account Management Portal, versions before 2025-10-27, fixed 2025-10-31.

Affected products

Telekom/Account Management Portal
cpe:2.3:a:telekom:account_management_portal:*:*:*:*:*:*:*:*
Range: <2025-10-27
Deutsche Telekom AG/Telekom Account Management Portaldescription

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

gist.github.com/ethicalrohitt/b3e6d071aac8530459e8b3a5720bb832nvdThird Party Advisory
www.telekom.com/en/company/data-privacy-and-security/news/acknowledgements-358300nvdProduct

News mentions

No linked articles in our index yet.

cvss	0.611
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000